OX App Suite on Debian GNU/Linux 8.0

This article will guide you through the installation of OX App Suite, it describes the basic configuration and software requirements. As it is intended as a quick walk-through it assumes an existing installation of the operating system and requires average system administration skills. More, this guide will show you how to setup a basic installation with none of the typically used distributed environment settings. The objective of this guide is:

Requirements

vim is not installed by default on Debian. If you want to copy & paste the commands from this article into a shell window, you need to apt-get install vim first.

Add Open-Xchange Repository

Open-Xchange maintains public available software repositories for different platforms, such as Debian. This repository should be added to the Debian installation to enable simple installation and updates.

Start a console and modify the Debian repository information file. Also add the Open-Xchange software repository:

Updating repositories and install packages

It is highly recommended to import the Open-Xchange build key to your package systems trusted keyring in order to make sure only Open-Xchange packages with valid signing are installed on the system. Otherwise you'll encounter warnings about untrusted package sources. To import the Open-Xchange buildkey, please refer to this quick guide: Importing OX Buildkey.

Reload the package index. This will download the package descriptions available at the software repositories and will enable the Open-Xchange repository as a valid source for signed packages:

$ apt-get update

The following command starts the download and installation process of all required package for Open-Xchange deployment:

Note 1: You have to choose between one of the available authentication packages depending on your requirements.

You will be asked multiple times to enter a MySQL password, please do not enter a password at this point. You should enter a strong MySQL admin password for the user "mysql" after the installation has been finished. See: MySQL Reference Manual

Important: Some of the scripts assume you have mysql root access from the command line, therefore the advice of "not" to enter a password. If you do, you may find problems following the instructions provided in this howto.

Open-Xchange configuration

To avoid confusion right at the start notice that Open-Xchange uses multiple administration levels and requires different credentials at some stages at the installation and server management. Note that the passwords chosen at this guide are weak and should be replaced by stronger passwords.

In order to setup the Open-Xchange Server it is mandatory to have the database running:

$ systemctl start mysql

Note: in case of a distributed setup, it is recommended to start mysql with --skip-name-resolve or to add all hosts to the hosts file of the database server so that slow DNS responses do not slow down the creation of new database connections.
In a distributed setup you should also take care of the fact that Open-Xchange supports only a Statement Based Replication at the moment (http://dev.mysql.com/doc/refman/5.1/en/replication-formats.html). See also Load_balancing_and_clustering

a good idea is to add the Open-Xchange binaries to PATH:

$ echo PATH=$PATH:/opt/open-xchange/sbin/ >> ~/.bashrc && . ~/.bashrc

Now we have to initialize the Open-Xchange configdb database. This can all be done by executing the initconfigdb script.

$ /opt/open-xchange/sbin/initconfigdb --configdb-pass=db_password -a

Add the -i option if you want to remove an already existing open-xchange configdb.

Note: The -a parameter adds an administrative account to mysql, this administrative account is required for the creation of the oxdatabase database, you may find problems following the instructions of this tutorial if you either set a mysql root password or do not create this administrative account, if you have manually setup this administrative account, grant the permissions for database creation or you may find a problem in the context creation.

Before starting any service, all basic configuration files need to be set up correctly. The --configdb-pass option indicates the password of the openexchange database user previously created, the --master-pass options specifies the password of the Open-Xchange adminmaster user that will be created when executing the oxinstaller script.

Important: You should have your Open-Xchange license code at hand. If you do not plan to license Open-Xchange, you can use the option --no-license instead. Please also check OXReportClient documentation for more information about configuring a supported and maintained Open-Xchange server.

Important: For MAX_MEMORY_FOR_JAVAVM a rule of thumb for simple installations is half available system memory. The value must be in MB. For example "1024" for 1GB .

Now is a good time to configure the way OX will authenticate to your mail server. Edit the file /opt/open-xchange/etc/mail.properties and change the com.openexchange.mail.loginSource to use. This is very important for servers that require your full email address to log in with.

Now we have to create a local directory that should be used as Open-Xchange filestore. This directory will contain all Infostore content and files attached to groupware objects. To maintain access by the Open-Xchange Groupware service, it is required to grant permissions to the open-xchange system user.

Note 3:
Take into account that a global database is needed in order to store
data across context boundaries. Please see this documentation on how to register it.

Configure services

Now as the Open-Xchange Server has been set up and the database is running, we have to configure the Apache webserver and the mod_proxy_http module to access the groupware frontend. To gain better GUI performance, the usage of mod_expires and mod_deflate is strongly recommended. Those modules will limit the amount of client requests and compress the delivered content.

to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.

Enable the proxy configuration

$ a2enconf proxy_http.conf

After the configuration is done, restart the Apache webserver

$ systemctl restart apache2

Upgrade from Debian 7

If you updated from Debian 7 to Debian 8 the proxy_http.conf file is still located in the conf.d directory which is not read in Debian 8. So you have to move the file to conf-available and execute a2enconf proxy_http afterwards.

Apache Setting for more concurrent Connections

By default apache2 is configured to support 150 concurrent connections. This forces all parallel requests beyond that limit to wait. Especially if, for example, active sync clients maintain a permanent connection for push events to arrive. The following article explains how that can be done

Creating contexts and users

Now as the whole setup is complete and you already should get a login screen when accessing the server with a webbrowser, we have to setup a context and a default user as the last step of this tutorial.

The mapping defaultcontext will allow you to set this context as the default one of the entire system so that users which will be created within this context can login into Open-Xchange Server without specifying their domain at the login screen. Only one context can be specified as defaultcontext. The oxadmin user that will be created by this command is the default admin of the created context. This account will gather additional functions that are also described in the administration manual. The context id parameter must to be unique and numeric, otherwise the server will complain when you try to create a context. New contexts must be created by the oxadminmaster user, user accounts inside a context are created with the credentials of the contexts oxadmin account. The access-combination-name property defines the set of available modules and functions for users of the context.

To create a user for testing purposes (Make sure the password you use here for the user is the same password as your email account or you will not be able to use the email module until it is set right):

Now connect to the server with a webbrowser and login using the credentials testuser / secret.

A complete overview about the different parameter is provided at the permission matrix

If you need to migrate a batch of users and contexts at once, check the CSV Batch Import documentation page.

Log files and issue tracking

Default logging mechanism

Whenever unexpected or erroneous behavior takes place, it will be logged depending on the configured loglevel. All logfiles are stored at the operating systems default location. Events triggered by the Open-Xchange Groupware services are logged to a rotating file open-xchange.log, events triggered by the Open-Xchange Administration service are logged to open-xchange-admin.log. Those files are the very first place to monitor.

$ tail -f -n200 /var/log/open-xchange/open-xchange.log.0

Alternative logging mechanisms

Apart from the default file logging mechanism, Open-Xchange supports logging via logback framework and therefore via syslog and/or logstash. This makes it possible to directly log to a local or remote syslog daemon or other services. Logback is highly customizable, please see the documentation below.

Performance & Tuning Tips

Depending on your setup and the user accounts, it´s often helpful to know, how to get a better performance from the complete system. This section will try to assist you, how to tune the components within an OX setup, before you need to install a second server, add more RAM, add new CPU to existing servers.

MySQL

Since OX itself used very specific features from MySQL like InnoDB instead of MyISAM as DB Engine, it´s often needed, how to increase performance of the OX databases. In general, you should always monitor your MySQL system via tools like "munin", to see when your system reaches it´s limits. Once, you recognized, the system responds more and more slowly, you start to read and research on the internet how to change your mysql configuration, specially, the my.cnf file. But due to the fact, that nearly every system is different in regards of hardware etc. you cannot just copy&paste existing configurations. At this point, a tool called "mysqltuner.pl" can help you. MySQLTuner is a script written in Perl that will assist you with your MySQL configuration and make recommendations for increased performance and stability. Within seconds, it will display statistics about your MySQL installation and the areas where it can be improved. To work with this tool, you need unrestricted read access to the MySQL server (OS root access is recommended). Just download and execute as shown below, and modify your existing my.cnf configuration file.

IMPORTANT INFO: The MySQL system must run for several days, to gather statistics and informations about queries etc. from OX. After these days, you should execute mysqltuner.pl script. It does not work if you run it directly after installing an OX/MySQL setup. You can force traffic to OX while writing automatic testcases or jmeter plans.

As already said, this is just ONE way to analyze MySQL systems. You can also check MYSQL.com for a consultant service or similar.